Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nVCJmhFMb83gvB2R2U-hSqvqOrY.roa
File:                     nVCJmhFMb83gvB2R2U-hSqvqOrY.roa (raw, json)
Hash identifier:          /YERfaDChwnXHF/qpIBHQyOtHUuBLeX/WEtxA7mKmAY=
Subject key identifier:   9D:50:89:9A:11:4C:6F:CD:E0:BC:1D:91:D9:4F:A1:4A:AB:EA:3A:B6
Certificate issuer:       /CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
Certificate serial:       01942143EF8A576D0A6F3BBBD749BA04981B
Authority key identifier: 9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nVCJmhFMb83gvB2R2U-hSqvqOrY.roa
Signing time:             Wed 01 Jan 2025 09:48:07 +0000
ROA not before:           Wed 01 Jan 2025 09:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52000
IP address blocks:        103.76.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ef:8a:57:6d:0a:6f:3b:bb:d7:49:ba:04:98:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f312e9297bc1d27ebeb476dea0ee15dd756542d
        Validity
            Not Before: Jan  1 09:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d50899a114c6fcde0bc1d91d94fa14aabea3ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:8e:ac:b8:1e:be:a1:ef:16:1e:c9:a3:6a:95:
                    5c:5d:ef:af:7b:09:d0:fa:0d:9d:79:ef:6d:4e:15:
                    90:b4:e2:07:05:4a:60:56:18:7b:5f:2a:60:05:82:
                    0b:20:ab:35:63:29:30:e9:ea:53:b0:1f:d7:19:ec:
                    e3:62:24:42:72:6c:51:6f:c9:2f:7f:f2:aa:97:7e:
                    14:4a:78:b5:56:5b:1b:e8:67:e6:4e:73:a3:a4:66:
                    7e:35:ab:eb:e2:90:00:ff:10:80:67:d7:ea:cf:2a:
                    8c:c5:ef:0c:fe:40:85:7e:48:7b:45:31:3e:5b:b6:
                    81:a8:fc:47:a5:16:a6:b9:c2:35:9d:ec:92:8c:30:
                    c7:fc:a0:e8:1d:fe:03:66:d3:ec:61:32:ff:f1:ca:
                    de:f8:4a:12:41:27:ed:9a:9d:9f:45:d9:a5:ad:99:
                    10:84:50:64:91:28:a6:a4:25:15:8d:32:73:5e:f9:
                    e3:d0:20:b0:8c:81:91:80:2d:bf:e6:1a:8d:23:79:
                    54:bf:47:60:86:24:b1:79:49:f4:d1:5f:00:42:93:
                    a6:29:67:ba:2c:d2:3e:0d:3c:bb:b5:ac:b5:cd:57:
                    ca:39:b9:14:37:64:b4:c7:76:20:30:c4:1f:3b:f3:
                    f6:f4:9c:ad:8a:05:0d:aa:a0:0b:6e:8c:e6:fc:26:
                    e0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:50:89:9A:11:4C:6F:CD:E0:BC:1D:91:D9:4F:A1:4A:AB:EA:3A:B6
            X509v3 Authority Key Identifier:
                keyid:9F:31:2E:92:97:BC:1D:27:EB:EB:47:6D:EA:0E:E1:5D:D7:56:54:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nzEukpe8HSfr60dt6g7hXddWVC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nVCJmhFMb83gvB2R2U-hSqvqOrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/dd5a28-df9d-4627-809d-bd5d3f00fbb2/1/nzEukpe8HSfr60dt6g7hXddWVC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.76.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:a3:57:3d:b5:fb:46:0a:9a:8a:02:24:06:0d:64:8e:57:41:
         bd:2d:61:a9:ee:6f:a1:39:72:3f:85:8d:b8:1f:23:e0:1b:ab:
         27:36:bd:bb:48:5e:82:5e:a8:25:07:28:2b:a5:8e:e9:b1:df:
         4c:0b:82:61:ca:dd:a4:28:0b:3a:00:f7:16:2f:59:6a:00:f8:
         10:49:c4:f8:3e:a2:d5:e8:8c:37:a9:7a:b5:e1:eb:7a:0e:f6:
         05:da:7e:89:a1:d7:41:83:64:23:70:3f:86:97:3f:48:72:ab:
         44:1f:87:78:65:b1:ea:64:c3:3e:a8:53:c2:ae:47:dc:57:c1:
         44:5e:af:65:a9:d7:9b:dd:cd:99:06:29:31:74:8f:94:a5:4b:
         fb:83:8a:04:11:39:67:fa:1c:f9:5f:4e:76:9b:1e:61:8a:6e:
         4b:89:00:7f:53:55:b0:b6:37:27:f2:31:ad:3c:56:9d:f3:e0:
         49:cd:83:d2:c1:6d:81:4a:ae:27:35:12:40:61:55:33:3a:31:
         28:f4:11:40:02:7a:d4:9c:b8:66:ba:1d:0c:a9:a7:da:3a:87:
         c4:7c:ef:41:80:91:f9:e8:41:c6:44:42:f4:40:16:30:2f:67:
         8e:08:c9:bb:48:df:0b:b0:3a:be:c7:4f:1b:b2:17:6f:5f:8f:
         19:01:1f:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ++KV20Kbzu710m6BJgbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMzEyZTkyOTdiYzFkMjdlYmViNDc2ZGVhMGVlMTVkZDc1
NjU0MmQwHhcNMjUwMTAxMDk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUwODk5YTExNGM2ZmNkZTBiYzFkOTFkOTRmYTE0YWFiZWEzYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArY6suB6+oe8WHsmjapVcXe+vewnQ
+g2dee9tThWQtOIHBUpgVhh7XypgBYILIKs1Yykw6epTsB/XGezjYiRCcmxRb8kv
f/Kql34USni1Vlsb6GfmTnOjpGZ+Navr4pAA/xCAZ9fqzyqMxe8M/kCFfkh7RTE+
W7aBqPxHpRamucI1neySjDDH/KDoHf4DZtPsYTL/8cre+EoSQSftmp2fRdmlrZkQ
hFBkkSimpCUVjTJzXvnj0CCwjIGRgC2/5hqNI3lUv0dghiSxeUn00V8AQpOmKWe6
LNI+DTy7tay1zVfKObkUN2S0x3YgMMQfO/P29JytigUNqqALbozm/CbgQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1QiZoRTG/N4LwdkdlPoUqr6jq2MB8GA1UdIwQY
MBaAFJ8xLpKXvB0n6+tHbeoO4V3XVlQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQt
YmQ1ZDNmMDBmYmIyLzEvblZDSm1oRk1iODNndkIyUjJVLWhTcXZxT3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9kZDVhMjgtZGY5ZC00NjI3LTgwOWQtYmQ1ZDNmMDBmYmIy
LzEvbnpFdWtwZThIU2ZyNjBkdDZnN2hYZGRXVkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0xWMA0G
CSqGSIb3DQEBCwUAA4IBAQADo1c9tftGCpqKAiQGDWSOV0G9LWGp7m+hOXI/hY24
HyPgG6snNr27SF6CXqglBygrpY7psd9MC4Jhyt2kKAs6APcWL1lqAPgQScT4PqLV
6Iw3qXq14et6DvYF2n6JoddBg2QjcD+Glz9IcqtEH4d4ZbHqZMM+qFPCrkfcV8FE
Xq9lqdeb3c2ZBikxdI+UpUv7g4oEETln+hz5X052mx5him5LiQB/U1Wwtjcn8jGt
PFad8+BJzYPSwW2BSq4nNRJAYVUzOjEo9BFAAnrUnLhmuh0MqafaOofEfO9BgJH5
6EHGREL0QBYwL2eOCMm7SN8LsDq+x08bshdvX48ZAR8E
-----END CERTIFICATE-----